I’ve worked with Netscaler, and Netscaler Gateway (formerly Access Gateway Enterprise Edition) for a number of years now, and whilst I’m a huge fan of the technology, over that time I’ve built up a number of “I wish it did this” items. Some are the results of things I’ve found, whilst others have been requested by end users.
I though it was time to put them down on paper (well, in electronic format at least), share with the world and get some feedback and hopefully visibility.
In no particular order…
1. Allow an Access Gateway VIP to be behind a Context Switch Virtual Server
This would allow organisations with a single internet IP address to host a number of services behind the CSS VIP including Sharefile connector, Access Gateway etc. At present you need two internet IPs as the Access Gateway VIP can’t be behind a CSS VIP on the same Netscaler. The CSS VS would then correctly route traffic based on the incoming host headers (or traffic type if support for incoming ICA sessions was added, which are not http-based)
2. Resultant set of policies view
When troubleshooting Netscaler Gateway configured to allow access from a variety of device types, you end up with a myriad of session and client-less access policies, some bound to the Netscaler Gateway VIP, others to AAA user groups and others possibly bound globally (e.g. the Netscaler Gateway defaults)
Troubleshooting any connectivity issue becomes very hard when you can’t see which policies are being applied to incoming user sessions. A RSOP viewer for “currently connected sessions” showing which policies have been applied, and in what order, would be hugely beneficial when troubleshooting.
3. More flexibility in AAA servers
The latest Netscaler 10.1 release added a third “group extraction” AAA binding option to Netscaler Gateway VIPs. This means that the group that controls access can be in a different directory/AD domain to your primary or secondary authentication directory. I’d like this expanded further so that you can “do more” with this third AAA service, for example query it for particular attributes.
For example the “SSO Name attribute” extraction functionality queries an LDAP authentication server, and then uses the resulting value to authenticate through to StoreFront. But why only StoreFront? I’d like the flexibility of doing this in any AAA server, and choosing how the resulting value is used.
As an example, a username for my cloud-hosted RADIUS account might well be different to my AD login, and whilst there is a way of working around this by populating an unused AD attribute, it would be nice if Netscaler supported this use case out of the box without users having to change the way they log in. In this particular customer example, they had a third non-AD enterprise LDAP directory where various attributes were stored, including the username used for their third party RADIUS service.
4. Improved configuration wizards
There has been an explosion in wizards in recent Netscaler firmwares, and whilst it’s good to allow the novice administrator a faster route to configuring what is a complex device, the way they have been implemented can be improved.
They are not fully restart-able. If something goes wrong part-way through, re-running the wizard often then fails due to the part-configuration already applied. Your only solution then is to roll back to a previous device-wide configuration and start again.
A better approach would be to collect all the information, check the existing configuration for anything that might cause it to fail, then provide all the configuration commands that are about to be executed (much like XenDesktop shows you the PowerShell behind every command in the console) I know you can extract this information from the log post-change, but providing the actual configuration the wizard will create will help understand what changes it is making.
As an example, here is the configuration created by the Cloud Bridge load balancing wizard. Free beer to anyone who can tell me what every command actually does in the comments
set lb parameter -preferDirectRoute NO -sessionsThreshold 150000 add server x.x.x.x y.y.y.y add service BR_LB_SVC_x.x.x.x y.y.y.y ANY * -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip YES -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO -downStateFlush DISABLED -appflowLog DISABLED add lb vserver BR_LB_VS_UK ANY * * -persistenceType NONE -Listenpolicy "(SYS.VSERVER(\"BR_LB_VS_UKLab\").STATE.EQ(UP)&&((CLIENT.TCP.OPTIONS.TYPE_NAME(REPEATER).EXISTS&&CLIENT.TCP.REPEATER_OPTION.IP.EQ(x.x.x.x))||CLIENT.IP.DST.IN_SUBNET(y.y.y.0/27)))" -Listenpriority 0 -m MAC -cltTimeout 120 -downStateFlush DISABLED -l2Conn ON -appflowLog DISABLED add ns acl BR-TCP-ALLOW-ACL ALLOW -protocol TCP -priority 10 -kernelstate SFAPPLIED61 -logstate ENABLED add ns acl BR-BRIDGE-ACL BRIDGE -priority 20 -kernelstate SFAPPLIED61 -logstate ENABLED set uiinternal LBVSERVER BR_LB_VS_UKLab -rule "x.x.x.x%y.y.y.y%z.z.z.0/27"
5. Provide console access to the AAA log
Troubleshooting authentication issues on Netscaler is a very common task, and having to launch a ssh session, drop out to the shell, then cat /tmp/aaad.debug is a very user-unfriendly way of accessing a very common log file.
Access to this log should be provided via the Diagnostics area of the console, or even via a view in the Dashboard, and the output should be rationalised to remove the debug entries that currently appear (and easily confuse) every 10 seconds or so.
6. DNS-based CSS traffic routing
OK I know the title says five, but I requested this a while ago so it’s worth a reminder! I had a use case where a Netscaler was load-balancing a number of Apache web servers, each hosting many hundreds of websites. As part of the regular maintenance program, users domains were migrated between back-end web servers to facilitate upgrades. At present, the Netscaler has to be hard-coded to which back-end Apache server a particular incoming hostname should be sent to via a CSS VS. This results in long pattern-sets containing lists of hundreds of hostnames to perform a look-up.
What I’d like is an expression than can determine the correct back-end service to use, based on the results of a DNS query. As accounts were moved between Apache servers, various DNS records were updated to reflect their new “home” server.
e.g. something like
which you can then use in a CSS policy binding to route traffic:
What are your top Netscaler feature requests? Agree with mine or have some more of your own? I’d love to hear about them via the comments.
I love writing these kinds of posts – real world examples of troubleshoot live environments, and sharing the methodology I used to find the root cause. As with all of my posts, click on the screenshots to enlarge.
[updated on 11/10/13 to add an additional caveat when using the GC for multi-domain authentication]
I was asked to investigate an error which was preventing users from logging into their StoreFront site externally via a Netscaler Gateway.
As usual, the error message wasn’t particularly helpful or descriptive, so we’re going to have to do some elimination.
Direct Storefront login
The first step was to log into the Storefront site directly (bypassing Netscaler Gateway) to see if it was an issue affecting the entire server.
Direct Login to StoreFront was working OK.
Check StoreFront configuration
Let’s check that someone hasn’t messed with the StoreFront configuration.
Pass-through from Netscaler Gateway is present, and enabled. All looks good so far.
Check StoreFront event logs
Whilst on the Storefront server, looking at the event log gave the first clue as to why logins via Netscaler weren’t working. Storefront (finally) get’s their own event logs so you don’t have to trawl through the application or system log to find these now (thank you Citrix!). They are under “Event Viewer -> Windows Logs -> Applications and Services -> Citrix Delivery Services”
Here is the error generated when someone logs in via Netscaler Gateway:
The error “FailedMissingDomain”, and the username of the format “SAMAccountName” rather than “DOMAIN\SAMAccountName” indicated that the users domain name wasn’t being passed to StoreFront, which of course could not then authenticate the user to enumerate the applications.
Looks like it’s time to move over to the Netscaler to figure out why our domain name isn’t being sent to Storefront.
How Netscaler Gateway handles AD domains
There are two ways that a users domain can be specified when logging into Netscaler Gateway.
1. In the Session Profile
In the Published applications tab of the session profile, there is a “Single Sign-on Domain” field. If your users are only authenticating to a single domain, you can specify it here, and Netscaler Gateway will prefix this to the username when passing the credentials to StoreFront.
2. As part of the username (e.g. UPN format)
Active Directory has supported UPN-based logins since the Windows 2000 days where you login using email@example.com
However, most companies don’t use this as it’s quite a bit more typing for users, and if your AD forest is different to your external email domain, which is often the case, users get confused between their AD UPN and email address resulting in account lock-outs and increased helpdesk calls.
How Netscaler Gateway supports multiple AD domains
In this instance, the client wanted to login to multiple AD domains (in the same AD forest) but not force the user to enter either their domain name or UPN – they just wanted users to enter their NT-style userid (SAMAccountName in AD).
There are two ways of supporting multiple domains on a Netscaler Gateway.
1. Create multiple LDAP Authentication profiles
You create an LDAP authentication server and profile for each NT domain that users need to authenticate against. These are all bound (in order of most popular first) to the Access Gateway vServer, so when a user logs in, an LDAP authentication is fired off to each one of them in turn. It only needs one to return positive (i.e. from the correct domain) to allow the user to login.
You could use this method for when your domains aren’t in the same forest, or users have identical accounts in multiple domains.
2. Authenticate against a Global Catalog
If your multiple AD domains are part of the same forest, you can authenticate against the AD Global Catalog server using SAMAccountName, and use the LDAP SSO Name attribute to retrieve the users UPN (stored in the UserPrincipalName attribute), which you can then pass to StoreFront so it knows which domain the user is from.
To set an LDAP authentication server to point at your global catalog, set the LDAP port to 3268, and check with your AD team that they’ve not adjusted any of the default attribute set that a GC server hosts.
Set the Base DN to a high-enough level that it covers all of the child domains present on that Global Catalog.
There are a couple of important caveats to be aware of when using this method
1. Duplicate accounts
If you have users who have identical accounts in multiple domains in the forest (which is allowed), then querying the GC with your sAMAccountName will authenticate against the first domain returned by LDAP as it can’t distinguish which domain account you want. This may not actually be the account the user intends.
To work around this, users will either have to login with their UPN (which includes the domain) or stick to method #1 above. Either way may involve creating multiple LDAP services and binding them all against the Access Gateway vServer – remember only one has to return TRUE for a user to be authenticated.
2. Password changes
If configured, the Netscaler supports changing an expired password. Because the Global Catalog is a read only directory containing a partial attribute set you can’t change a users password using it. I note that Netscaler 10.1 supports LDAP referrals, but I’ve not yet tested whether a request to a GC to change a password would result in a referral issued pointing tothe regular LDAP service on a DC where this would be possible (I suspect not – asking far too much of a simple GC!)
Telling StoreFront the domain
So we’ve authenticated the user (on the Netscaler) to one or more possible AD domains. But now we need to let StoreFront know which domain the user is in.
For both of the above methods ensure you set the “SSO Name Attribute” in your session profile to UserPrincipalName so that the UPN is extracted via LDAP and passed to StoreFront.
If you do use this method, ensure that you don’t set a Single Sign-on domain in the session profile, and that you have set the correct CredentialIndex field in your session profile:
In this instance, I’m only using single-factor authentication, so the credential index was PRIMARY.
If you were using two-factor, and had RADIUS bound as the primary authentication policy in the vServer, you would need to change this to SECONDARY to ensure that the UPN attribute is extracted from the correct (LDAP) authentication profile. See my other post for a clever way to allow a different username to be used for each authentication factor.
OK, but why can’t users log in?
So, we’ve got this far, and everything is configured correctly. Our Global Catalog server is up and reachable from the Netscaler. We need to dive into the AAA logfile, which is accessed by opening a SSH session to the Netscaler, dropping out to the shell (just type shell) then type:
Then perform a test login to Netscaler Gateway, whilst watching the output in your SSH session. On our problematic Netscaler, this was the output:
The Netscaler is authenticating us OK, but is failing to retrieve the UserPrincipalName attribute, so of course can’t pass it as the username to StoreFront, resulting in the “MissingDomain” error we observed earlier.
Lets look at the LDAP server configuration again. Look very closely at the SSO Name Attribute field. Do you spot what’s causing the attribute look-up failure?
BINGO! There is a typo in the SSO Name Attribute field, where the UserPrincipalName attribute has become UserPrincipleName
Correcting this typo fixed the issue, as the attribute was then read correctly from LDAP:
If you’ve been working with Citrix, Microsoft or VMware virtualisation technology for a while and have never been to E2E/PubForum then you’re seriously missing out.
I’ll be attending the next E2E in Rome, my 10th E2E/PubForum and here’s some of the reasons why:
- Good technical presentations from fellow experts and architects.
- Registration is hundreds of euros, not thousands.
- It’s one of the more
chaoticrelaxed and informal conferences.
- It used to be called PubForum, so there’s usually beer involved at some point
- Attendees are limited to around one hundred so its small enough to retain that “big family” feel
- Probably the only place you’ll get networking and quality face-time with 15 CTPs and 18 MVPs without them all having to rush off because of other presentation commitments
- There’s a good mix of loyal regulars many of whom I can now call friends, plus a healthy flow of newbies to make new contact with
- It’s consultant-friendly being mostly on the weekend so I only need to take one day of unpaid leave
- I get to visit lots of nice European cities and it’s only a short plane ride from the UK
- The venues are all inexpensive hotels that won’t break the budget (take note Synergy!)
- By extending my stay for just a day I get to give the family a long weekend break (aka brownie points)
- Alex (the organiser), is a very funny guy, after all these years still claims to make no money whatsoever from this so I’m happy to continue to support his self-delusion.
It’s these reasons why I’ve been to 10 PubForum/E2E and only one BriForum conference in the past five years.
If the above sounds appealing, don’t waste any more time and register for one of the last few remaining seats for Rome on 1st November.
Hope to see you there!
Whilst many will travel to Citrix Summit on expenses of ones employer, for those independent consultants like myself, who’s expenses ultimately come out of ones own pocket, I’m always looking for ways to save money on travel expenses.
This years Summit is being held in Orlando, which means there’s a great selection of accommodation for a variety of budgets in the immediate vicinity of the Orange County Convention Centre.
The hotels that Citrix have partnered with are, as usual, all pretty pricey, at between $145 and $175 a night (plus tax) if you book through the conference website. The Rosen Plaza hotel appears as fully booked on travel websites (as Citrix has no doubt block-booked most of the rooms) however the Doubletree by Hilton can still be booked directly for $119 per room if you book here and use a HFAL10P discount code to give you 10% off. The Rosen Centre Hotel comes in at $181 including tax using the same site and code.
For those with smaller wallets…
$99 special for Wyndham Orlando Resort
You can purchase a voucher that will give you two nights accommodation at Wyndham Orlando Resort, which is about 1 mile away from the convention centre (40 minute walk, or 15 minutes by bus). If you’re arriving on Sunday then you might need to add an additional night (or book separately for that one night)
The process is a bit convoluted as it involves redeeming your voucher with a travel agency, specifying your preferred locations/dates then hoping for the best. It’s also in theory restricted to US residents only, as none of the address fields allow non-US addresses, but I just put the zip code of the convention centre, and I got my voucher through OK.
The price is a genuinely good deal however, as booking the same property via their website for two nights costs $199 per night plus tax.
Caveat: whilst I’ve purchased and submitted my voucher, I’ve yet to hear back from the travel agency as to whether my chosen dates are available, so you may want to wait for a few days until I can post my results back here. The deal expires on 7th October so there’s a bit of leeway.
My voucher arrived 4 days after submitting my request. Result!
Other cheaper options
The venue for E2E Rome has been announced, and booking direct with the venue is usually cheapest, however their cheapest rate is non-refundable.
To match the venue’s cheapest price, use this link, and enter discount code HCSUMM10 to get 10% discount. You can also add an optional breakfast which also qualifies for the discount.
The end result is the same price is booking directly with the venue hotel, but you have the reassurance of a fully refundable booking should your plans change
Waste of a generation
When you think about software, what comes to mind? Traditional office-based applications like Word, Excel and Powerpoint? Mobile “Apps” for iPhones and Android? Operating systems? Embedded software powering our cars, microwaves and washing machines? All are examples of software of course, just at different levels of user interaction.
Having working in the IT industry for over 18 years (has it really been that long?!) one notices trends. One major trend is the move to doing everything “in software”. First it was the hypervisor. No more physical tin for our server installs…there is now a layer of “software” abstracting our servers from real silicon.
It was inevitable that following server virtualisation came Network and storage virtualistion with virtual routers and switches like the Nexus and OpenvSwitch. All based upon software. Of course, physical switches contain software too – and quite complex software too – Cisco IOS contains 40+ million lines of code – that’s the same as Windows XP.
Alongside this is the explosion of “apps” for consumer devices, many of which written by individuals working in their bedroom.
Software is going to be important. And increasingly so. And the ability to write software are going to be crucial for our economy if we’re to keep up with demand, and every growing competition developing countries.
If you’ve been a student in a UK school in the past decade, you would of been led to believe “IT” (or ICT as it’s now known) means knowing how to write a letter in Microsoft Word, and add up a column of numbers in Excel and draw some colourful shapes in Paintbrush. This isn’t the IT I was taught at school, nor should it be what our children are being taught now.
We’ve thrown away two generations of potential authors of the next Angry Birds, the next Facebook or the next Xen hypervisor by turning them into Office automatons.
What a waste.
Don’t get me wrong, I think knowing how to use productivity applications, especially the Office suite used in the majority of workplaces is a useful skill, and should be taught at some stage in preparation for life in the workplace. But it’s not ICT, nor should it be labelled as such.
The government (perhaps swayed by a large pot of cash from Google and Facebook lobbyists?) appear to be planning to change the ICT curriculum taught to our future generation. The mainstream press seem to agree it’s a good idea.
Having purchased a Raspberry Pi, mainly so I could run RISC OS and XBMC on a computer the size of a credit card and for under £25, I came across a coding tool call Scratch that was baked into the Raspbian OS image. There are thousands of hobbyists doing crazy things with their Pi which is awesome, but one of the original aims of the Raspberry Pi foundation was to create a computer cheap enough that dozens could be given away to pupils to inspire them to code.
Here is where CodeClub comes in. Changing the nationwide ICT curriculum is like turning an oil tanker. It’s going to take a while. So in the meantime, CodeClub aims to plant the seed using volunteers teaching coding to 9-11 year olds via after school clubs.
The video below gives a good overview
I’ve been attending Croydon TechCity events since it was founded last year, and one evening was dedicated to technology in education, with one of the founders of CodeClub giving a presentation. As a result of this, a group of organisers started coordinating a plan to start CodeClubs in the boroughs schools.
Time to step up
Anyone who know’s me knows that I’m enormously busy. Working full time as an independent consultant, helping run the UK Citrix User group, speaking at and attending conferences, TechCity, Toastmasters, Purley Business Association, and running a hosting company whilst also being a good husband and father means I have virtually no free time. So fitting in a weekly code club will be a challenge, but I think it’s cause worthy of my time and effort.
I’m currently honing my Scratch skills, reading up on how other CodeClubs have gone, and reading through the CodeClub curriculum whilst awaiting for my CRB checks to go through before I can officially start my club.
I’ll be blogging about how my club goes, so watch this space for updates!
If this has inspired you to do the same, sign-up on the CodeClub website as a volunteer, and get in touch with your local schools to start your own club, and prepare the next generation of kids with the skills that will allow them to succeed in a world driven by software.
A slightly different blog post for today!
As some of my peers may know, I work as an independent consultant, and have ever since I graduated in 1995! There are many different schemes on the internet that claim to maximise your earnings but I’ve always steered clear of these as many get shut down when legislation catches up with whatever workaround they are using (indemnified loans, offshore trusts etc) to avoid paying tax. I believe everyone who earns money has an obligation to pay their fair share of tax.
However, the government offers a number of schemes to help offset the cost of childcare. One of these is childcare vouchers. I’ve spoken to a number of consultants who have never taken advantage of these on the mistaken belief that it’s too complex to set up and the costs involved in getting a third party company to administer the scheme would outweigh any benefit.
Neither are the case. read more…
Here’s the scenario: Contoso Inc (good name as any eh?) want to block users from a specific country from accessing their infrastructure. Because these users are particularly smart, they’ve been using anonymous proxies that use frequently changing IP addresses to circumvent regular GeoIP location detection, so the company decides to block all IPs from anonymous proxies and use a real-time service.
And conveniently they already have Netscaler technology in place to protect and accelerate their web sites. Good choice Contoso!
I’m actually going to detail two different ways of achieving this, one using a freely available (but only updated monthly) static GeoIP database, and the other using a realtime GeoIP service that meets the original requirement.
We’re going to use quite a few of the Netscaler features: GSLB database, load balancing, responder, http callouts, integrated cache and pattern sets, so make yourself a cuppa, grab a biscuit and let’s go!
I recently had a question posed by a client who wanted to use Access Gateway on Netscaler to provide XenApp published applications to IOS devices.
Straightforward stuff you’d think right?
The situation soon got more complex when I found out that they had outsourced their two-factor authentication service to a third party, and that the usernames used on this system were different to both their internal Active Directory user ids and email addresses.
Even worse, they didn’t even use the existing UPN’s that one might use to authenticate with AD as an alternative to traditional user IDs.
Despite being able to setup multiple authentication services on an Access Gateway VIP, you can only enter a single userid that then get’s used against all authentication servers.
I love a good challenge, so set about working out how I would solve this problem, and I though I’d share the solution via this blog post.
After returning back from a busy week at Summit & Synergy I thought I’d reflect on what I’ve learnt and what other questions have arisen as a result.
The long-awaited Project Jasper finally saw the light of day, now renamed to project Excalibur (which is also a sub-part of Project Avalon..confused yet?) which sees XenApp moving into the same FMA-based management architecutre as XenDesktop, with the single Studio console (yes, YACNC – Yet Another Console Name Change!) managing the creation of both XenApp and XenDesktop workloads. FlexCast 2 coming to a lab near you on Nov. 1st. The other part of project Avalon that wasn’t talked about a great deal (because it’s still quite a way off) is project Merlin, that brings all the CSP cloud automation to Citrix enterprise offerings, allowing the “cloudification” of your internal IT, automating the creation of users, resources (e.g. exchange), desktops and applications.
There was much love for Cisco, who are now Citrix’ best friend, announcing a new partnership agreement around a number of products including Netscaler, Cloudstack and XenServer. The most exciting prospect of this for me is if Cisco replace their ACE load balancing technology with Netscaler technology and build it right into the switch fabric. Imagine the throughput you could get, and no need for a physical appliance and all that patching. F5 should be rightly running for cover.
I atttended both the instructor-led labs I had booked into, plus one other via the standby queue. The first was Cisco UCS, which I’d not seen before, so this was very informative and I learned a great deal. The second was “Build your cloud in 5 hours” which again was looking at products I’ve only briefly touched on (Cloudstack). Again, this was informative and well written lab, using two Xen-on-Xen VMs to provide two virtual XenServers that Cloudstack could control to build it’s own private cloud. The final lab on the Friday morning was using integrating personal vDisk (formerly known as Ringcube) into PVS and MCS environments. Again, having done little with personal vDisk in the past, this was a useful lab to attend to familiarise myself with the product.
I also attended one of the self-service learning labs and performed a CloudGateway installation with Storefront and Netscaler AGEE integration.
Citrix have made the unusual (but very welcome) step of making all the self-service labs available until the end of the year. Nice one!
Did Synergy meet my expectations? Yes! Highlights…
Before Synergy, I posted a blog around what I hoped to get out of the conference including some questions I was looking for answers to on the XenClient roadmap.
Well, good news and bad here. I did get an answer in that the XenClient 2.x roadmap is coming to an end and all development will focus on the 4.x Enterprise version. The bad news is there is no upgrade path from one to the other, or any way to move VMs from one to another due to different vhd formats having been used in the 2.x product, and the ex-NXtop 4.x Enterprise version. So, I’m going to have to completely rebuild by XenClient laptop, and use an external mechanism to backup all the VMs running there then restore into the Enterprise Edition.
Another item I followed-up on from Synergy 2011 was the changes made to the partner program that introduced a minimum annual revenue generation requirement to remain as a Citrix partner. I raised this with the head of the EMEA partner program and the response was positive. They recognise that, especially in EMEA, there are a number of partners who are consulting-only and don’t sell licenses. Citrix have introduced a new tier of “consulting partner” that you can be tagged with by contacting your regions partner operations team. This flag will mean you don’t need to transact the $5k of annual new business, and, rather surprisingly, also don’t need to maintain the full set of technical certifications (only the CCSP’s are required). Consulting partners are still encourage to log CARs to get recognition where it’s due. So, welcome news from Citrix in that area, which put me in a great mood to enjoy the rest of the conference.
One new item I did enjoy was the Synergy game – collecting codes from around the venue and competing with fellow attendees for the most points. It did ensure I got the most out of the conference by attending all the sessions and training available.
Shame the game appeared to have some bugs, which didn’t make it a level playing field across all devices, but hopefully Citrix will take this into account when choosing the winner, and address these for the next Synergy.
The WiFi was much improved from 2011 and I don’t think there was ever a time that I lost connectivity all week. Even during the keynote sessions, with thousands of other devices in the same room, I could tweet via WiFi (although I think part of that was down to my device which has 802.11n 5GHz support – many iPhone users with 2.4GHz only could not connect at the same time)
Credit to the tech guys who flew all the kit over from the US and installed it. Top job.
Areas for improvement
Whilst my conference was generally positive, there were a few areas that I thought could be improved. These didn’t all make it into the feedback form so hopefully will find their way back to the organisers.
Synergy mobile app
Whilst having a mobile app that allows off-line viewing of the sessions is a great step forward, it would be nice to be able to configure this to auto-update its data without prompts when on WiFi. As the app seemed to update it’s data every few minutes, the constant prompts to update got quite intrusive after a while.
The stability of the app can certainly be improved – on my Galaxy Nexus running ICS the app frequently crashed when navigating around it.
I don’t know whether I was just more busy than most, but there was no time to spend with anyof the ecosystem vendors, or even Citrix, in the Solutions expo hall. There was always either labs, breakout sessions or keynotes taking place. It didn’t help that both keynote session ran over, eating into the facetime available with vendors. Maybe one of the welcome parties should be held in the venue to increase the time available to talk with vendors rather than bus us all somewhere else.
Both keynotes ran over time, the second day super session by 20 minutes, meaning there was no time for lunch between the finish of the super session and the start of my lab at 1pm. Given you need to get into labs bang on time to avoid your place being given to people in the standby queue, keeping sessions to time is important.
Despite collecting all the available codes, I was still several places down the leaderboard. On querying this with the tech helpdesk, it appears that some of the surveys were not showing up on Android devices, and other surveys had been submitted twice, incorrectly giving double the points.
As I tweeted a few days before the conference started, next year will see Synergy move to ExCel centre in London so presents a great opportunity to welcome old friends and colleages to home turf. As with the two previous Synergy’s I will be organising a consultants apartment (despite not needing one myself) so do watch out for details if it’s something you could make use of.